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Period for Reply 



A SHORTENED STATUTORY PERIOD FOR REPLY IS SET TO EXPIRE 3 MONTH(S) OR THIRTY (30) DAYS, 
WHICHEVER IS LONGER, FROM THE MAILING DATE OF THIS COMMUNICATION. 

- Extensions of time may be available under the provisions of 37 CFR 1.136(a). In no event, however, may a reply be timely filed 
after SIX (6) MONTHS from the mailing date of this communication. 

- If NO period for reply is specified above, the maximum statutory period will apply and will expire SIX (6) MONTHS from the mailing date of this communication. 

- Failure to reply within the set or extended period for reply will, by statute, cause the application to become ABANDONED (35 U.S.C. § 133). 
Any reply received by the Office later than three months after the mailing date of this communication, even if timely filed, may reduce any 
earned patent term adjustment. See 37 CFR 1.704(b). 

Status 

1)K1 Responsive to communication(s) filed on 17 February 2006 . 
2a)D This action is FINAL. 2b)^ This action is non-final. 

3) Q Since this application is in condition for allowance except for formal matters, prosecution as to the merits is 

closed in accordance with the practice under Ex parte Quayle, 1935 CD. 11, 453 O.G. 213. 

Disposition of Claims 

4) M Claim(s) 24-41 is/are pending in the application. 

4a) Of the above claim(s) is/are withdrawn from consideration. 

5) D Claim(s) is/are allowed. 

6) [X] Claim(s) 24-41 is/are rejected. 

7) D Claim(s) is/are objected to. 

8) D Claim(s) are subject to restriction and/or election requirement. 

Application Papers 

9) D The specification is objected to by the Examiner. 

10) D The drawing(s) filed on is/are: a)D accepted or b)D objected to by the Examiner. 

Applicant may not request that any objection to the drawing(s) be held in abeyance. See 37 CFR 1.85(a). 
Replacement drawing sheet(s) including the correction is required if the drawing(s) is objected to. See 37 CFR 1.121(d). 

1 1) D The oath or declaration is objected to by the Examiner. Note the attached Office Action or form PTO-1 52. 

Priority under 35 U.S.C. § 119 

12) Q Acknowledgment is made of a claim for foreign priority under 35 U.S.C. § 1 19(a)-(d) or (f). 
a)D All b)Q Some * c)D None of: 

1 .□ Certified copies of the priority documents have been received. 

2. Q Certified copies of the priority documents have been received in Application No. . 

3. Q Copies of the certified copies of the priority documents have been received in this National Stage 

application from the International Bureau (PCT Rule 17.2(a)). 
* See the attached detailed Office action for a list of the certified copies not received. 
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DETAILED ACTION 
Remarks 

1. In response to communications files on 17-February-2006, Therefore, claims 24-41 are 
presently pending in the application. 

2. In view of the appeal brief filed on February 17, 2006, PROSECUTION IS HEREBY 

REOPENED. A new ground of rejection is set forth below. 

To avoid abandonment of the application, appellant must exercise one of the following 
two options: 

(1) file a reply under 37 CFR 1.111 (if this Office action is non- final) or a reply under 37 
CFR 1 . 1 1 3 (if this Office action is final); or, 

(2) initiate a new appeal by filing a notice of appeal under 37 CFR 41 .3 1 followed by an 
appeal brief under 37 CFR 41.37. The previously paid notice of appeal fee and appeal brief fee 
can be applied to the new appeal. If, however, the appeal fees set forth in 37 CFR 41 .20 have 
been increased since they were previously paid, then appellant must pay the difference between 
the increased fees and the amount previously paid. 

Double Patenting 

3. The nonstatutory double patenting rejection is based on a judicially created doctrine 
grounded in public policy (a policy reflected in the statute) so as to prevent the unjustified or 
improper timewise extension of the "right to exclude" granted by a patent and to prevent possible 
harassment by multiple assignees. See In re Goodman, 1 1 F.3d 1046, 29 USPQ2d 2010 (Fed. 
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Cir. 1993); In re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 1985); In re Van Ornum, 686 
F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 
1970); and, In re Thorington, 418 F.2d 528, 163 USPQ 644 (CCPA 1969). 

A timely filed terminal disclaimer in compliance with 37 CFR 1 .321(c) may be used to 
overcome an actual or provisional rejection based on a nonstatutory double patenting ground 
provided the conflicting application or patent is shown to be commonly owned with this 
application. See 37 CFR 1 .130(b). 

Effective January 1, 1994, a registered attorney or agent of record may sign a 
terminal disclaimer. A terminal disclaimer signed by the assignee must fully comply with 37 
CFR 3.73(b). 

4. Claims 24-41 are provisionally rejected under the judicially created doctrine of double 
patenting over claims 25-26 and 28-58 of copending application Serial No. 10/218,206 and 
claims 46-70 of copending application Serial No. 09/610,722. This is ^provisional double 
patenting rejection since the conflicting claims have not in fact been patented. 

The subject matter claimed in the instant application is fully disclosed in the referenced 
copending application and would be covered by any patent granted on that copending application 
since the referenced copending application and the instant application are claiming common 
subject matter. 

Claim Rejections - 35 JJSC § 103 

5. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 
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(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth 
in section 102 of this title, if the differences between the subject matter sought to be patented and the prior 
art are such that the subject matter as a whole would have been obvious at the time the invention was made 
to a person having ordinary skill in the art to which said subject matter pertains. Patentability shall not be 
negatived by the manner in which the invention was made. 

6. Claims 24-26, 28-32, and 36-41 are rejected under 35 U.S.C. 103(a) as being 

unpatentable by Leung (U.S. patent 6,760,444); in view of Gunter et al . (U.S. patent 6,751,728); 

and further in view of Chang et al . (U.S. patent 6,862,278). 

As to claim 24, Leung teaches a system, comprising: 

a distributor unit that distributes a plurality of packets and security association 
information associated with the plurality of packets according to a distribution scheme (see 
figure 1; column 2, lines 57-67; column 3, lines 1-15; and column 7, lines 33-50); and 

wherein the plurality of security processing engines receive at least a portion of the 
security association information associated with the packets (see column 4, lines 32-62; column 
6, lines 7-46; column 7, lines 336-50; and claims 1-3), and 

Leung does not teach a plurality of security processing engines, coupled to the 
distributor unit, that perform authentication and cryptographic functions. 

Gunter el al . teaches a system and method of transmitting encrypted packets through a 
network access point (see abstract), in which he teaches a plurality of security processing 
engines, coupled to the distributor unit, that perform authentication and cryptographic functions 
(see figures 1, 3, 5, characters 1 12 and 116, and 8, character 152; column 1, lines 66-67; and 
column 2, lines 1-9). 

It would have been obvious to a person having ordinary skill in the art at the time the 
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invention was made to have modified Leung by the teaching of Gunter et aL because a plurality 
of security processing engines, coupled to the distributor unit, that perform authentication and 
cryptographic functions, would enable the method because "When the NAP receives such an 
encrypted packet intended for a host on its intranet, it cannot perform the address translation by 
simply replacing the original destination address with the intranet address of the receiving host. 
This is because the original destination address is used to generate the hash value in the packet. 
When the receiving host receives the modified packet, it decrypts the encrypted portion and 
authenticates the packet by calculating another hash value based on the addresses and data in 
the received packet, and comparing this hash value with the hash value included in the packet", 
(see column 1, lines 65-67 and column 2, lines 1-9). 

Leung does not teach wherein the plurality of security processing engines process the 
plurality of packets in parallel. 

Chang et al . teaches system and method using a packetized encoded bitstream for parallel 
compression and decompression (see abstract), in which he teaches wherein the plurality of 
security processing engines process the plurality of packets in parallel (see column 2, lines 32- 
39). 

It would have been obvious to a person having ordinary skill in the art at the time the 
invention was made to have modified Leung by the teaching of Chang et al., because wherein 
the plurality of security processing engines process the plurality of packets in parallel, would 
enable the method because "Since each packet has a fixed-length with a tag field for directing, a 
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distributor can efficiently send different packets to different decoder units which can then 
process the packets in parallel", (see column 2, lines 32-39). 

As to claim 25, Leung as modified teaches wherein the plurality of packets are buffered 
prior to being processed by the plurality of security processing engines (see Gunter et al column 
3, lines 64-67 and column 4, line 1). 

As to claim 26, Leung as modified teaches the system further comprising a classification 
module that determines security association information %associated with a plurality of packets, 
wherein the classification module is configured to provide at least a portion of the security 
information associated with the packets to the distributor unit (see Gunter et al column 10, lines 
19-23 and column 10, lines 33-35). 

As to claim 28, Leung as modified teaches wherein the security association information 
includes a sequence number, an anti-replay window, and a lifetime of the security association 
(see Leung, column 3, lines 45-67 and column 4, lines 1-4). 

As to claim 29, Leung as modified teaches wherein the security association information 
further includes an encapsulating security payload (ESP) encryption algorithm identifier and one 
or more ESP encryption keys (see Gunter et al ., column 7, lines 33-39). 
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As to claim 30, Leung as modified teaches wherein the security association information 
further includes an ESP authentication algorithm identifier and one or more ESP authentication 
keys (see Gunter et aL column 7, lines 33-39). 

As to claim 3 1 Leung as modified teaches wherein the security association information 
further includes an authentication header (AH) authentication algorithm identifier and one or 
more AI-1 authentication keys (see Gunter et aL figure 5; column 2, lines 4-9; and column 8, 
lines 22-27). 

As to claim 32, Leung as modified teaches wherein the security association information 
includes protocol mode information (see Gunter et aL column 7, lines 10-19). 

As to claim 36, Leung as modified teaches wherein the system is a router (see Gunter et 
al, column 4, lines 44-46 and column 5, lines 48-51). 

As to claim 37, Leung as modified teaches wherein the system is a firewall (see Gunter et 
al, column 1, lines 32-35 and column 5, lines 34-37). 



As to claim 38, Leung as modified teaches wherein the system is a network 
communication device (see Gunter et ah abstract and column 1, lines 7-11). 
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As to claim 39, Leung as modified teaches wherein the system is a security gateway (see 
Gunter et al . column 5, Lines 35-38). 

As to claim 40, Leung as modified teaches wherein the system is a server (see Gunter et 
ai, column 1, lines 24-26; column 6, lines 44-49; and column 6, lines 62-64). 

As to claim 41, Leung as modified teaches wherein the system is a network line card (see 
Gunter et ah column 4, lines 14-22). 

7. Claim 27 is rejected under 35 U.S.C. 103(a) as being unpatentable over Leung (U.S. 
patent 6,760,444); in view of Gunter etal . (U.S. patent 6,751,728); and further in view of Chang 
et al . (U.S. patent 6,862,278) as applied to claims 24-26, 28-32, and 36-41 above, and further in 
view of Barlow et al . (U.S patent 6,038,551). 

As to claim 27, Gunter et al . does not teach wherein the distributor unit and the plurality 
of security processing engines are on the same chip. 

Barlow et al . teaches system and method for configuring and managing resources on a 
multi-purpose integrated circuit card using a personal computer (see abstract), in which he 
teaches wherein the distributor unit and the plurality of security processing engines are on the 
same chip (see column 7, lines 42-45 and column 1 1, lines 43-53). 

It would have been obvious to a person having ordinary skill in the art at the time the 
invention was made to have modified Leung by the teaching of Barlow et al. , because wherein 
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the distributor unit and the plurality of security processing engines are on the same chip, would 
enable the system because, in the illustrated embodiment, the IC card 14 is configured with 
cryptography acceleration circuitry 64, shown integrated with the CPU 50, which streamlines 
cryptography computations to improve speed (see Barlow et aL column 1 1, lines 43-47). 

8. Claim 33 is rejected under 35 U.S.C. 103(a) as being unpatentable over Leung (U.S. 
patent 6,760,444); in view of Gunter et al . (U.S. patent 6,751,728); and further in view of Chang 
et al . (U.S. patent 6,862,278) as applied to claims 24-26, 28-32, and 36-41 above, and further in 
view of Robinson (U.S patent 5,734,829). 

As to claim 33, Leung does not teach wherein the distribution scheme is a round-robin 
distribution scheme, wherein the distributor unit selects a next available security processing 
engine in a round-robin manner. 

Robinson teaches a method and program for processing a volume of data on a parallel 
computer system (see abstract) in which he teaches wherein the distribution scheme is a round- 
robin distribution scheme, wherein the distributor unit selects a next available security 
processing engine in a round-robin manner (see column 2, lines 43-5 1). 

It would have been obvious to a person having ordinary skill in the art at the time the 
invention was made to have modified Leung by the teaching of Robinson , wherein the 
distribution scheme is a round-robin distribution scheme, wherein the distributor unit selects a 
next available security processing engine in a round-robin manner, would enable the system to 
reduce the throughput time as taught in Robinson (Col. 2, lines 5-9). 
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9. Claims 34-35 is rejected under 35 U.S.C. 103(x) as being unpatentable over Leung (V. S. 
patent 6,760,444); in view of Gunter et al . (U.S. patent 6,751,728); and further in view of Chang 
et al . (U.S. patent 6,862,278) as applied to claims 24-26, 28-32, and 36-41 above, and further in 
view of M artin (U.S patent 5,867,706). 

As to claims 34 and 35, Leung does not teach the system further comprising an order 
maintenance packet retirement unit and wherein the distributor unit assigns packets for 
processing to a next available security processing engine regardless of the order received and the 
order maintenance packet retirement unit outputs the processed packets such that packet order is 
maintained. 

Martin discloses that each processor contains a load determining means that determines 
activity for the processor and is ultimately used by the decision means to decide which processor 
should service a client request (Abstract), which meets the limitation of the distributor unit 
assigns packets for processing to a next available security processing engine regardless of the 
order received and the order maintenance packet retirement unit outputs the processed packets 
such that packet order is maintained. 

It would have been obvious to a person having ordinary skill in the art at the time the 
invention was made to have modified Leung by the teaching of Marti n, because the system 
further comprising an order maintenance packet retirement unit and wherein the distributor unit 
assigns packets for processing to a next available security processing engine regardless of the 
order received and the order maintenance packet retirement unit outputs the processed packets 
such that packet order is maintained, would enable the system "Decision means (90) is then 
used which, for each reference to a subsequent block of information in the file constructed by 
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the block retrieval means (80), determines, based on the load distribution record, which 
processor should service a request from the client computer (50) for that subsequent block of 
information, and includes an address for that processor in the file constructed by the block 
retrieval means (80)", (see abstract). 



Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Belix M. Ortiz whose telephone number is 571-272-4081. The 
examiner can normally be reached on moday-friday 9am-5pm. 

The fax phone number for the organization where this application or proceeding is 
assigned is 703-872-9306. 

Information regarding the status of an application may be obtained from the Patent 
Application Information Retrieval (PAIR) system. Status information for published applications 
may be obtained from either Private PAIR or Public PAIR. Status information for unpublished 
applications is available through Private PAIR only. For more information about the PAIR 
system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR 
system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). 
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